[KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code #3278
Conversation
|
Well learned from this pr. It is much resuable and elegant in scala style after refactoring. |
|
Codecov Report
@@ Coverage Diff @@
## master #3278 +/- ##
============================================
- Coverage 51.37% 51.37% -0.01%
Complexity 13 13
============================================
Files 468 469 +1
Lines 26222 26229 +7
Branches 3633 3630 -3
============================================
+ Hits 13472 13474 +2
- Misses 11467 11469 +2
- Partials 1283 1286 +3
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
@turboFei UT has been enhanced and CI passed now, please take a look again. |
|
@pan3793 May I suggest to change change a config name from
Or I could fill anther PR for this very soon to fix this, better for release with 1.6.0. |
| } | ||
| if (!query.contains("${username}")) { | ||
| warn("Query SQL does not contains '${username}' placeholder") | ||
| } |
There was a problem hiding this comment.
| } | |
| } | |
| if (!query.contains("${password}")) { | |
| warn("Query SQL does not contains '${password}' placeholder") | |
| } |
How about adding check for ${password} placeholder here, as auth method checked password not blank in first place? @pan3793
| s" or contains blank space") | ||
| } | ||
|
|
||
| if (StringUtils.isBlank(password)) { |
There was a problem hiding this comment.
Shall we bring back password not blank checking? If auth method allow passing with missing password, the whole authentication relies on the confidentiality of username alone. @pan3793
There was a problem hiding this comment.
I think we should allow empty password, and the auth query will fail the athentication is password is required.
| throw new AuthenticationException(s"Password does not match or no such user. user:" + | ||
| s" $user , password length: ${password.length}") | ||
| debug(s"prepared auth query: $preparedQuery") | ||
| JdbcUtils.executeQuery(preparedQuery) { stmt => |
There was a problem hiding this comment.
shall we a add a query time out for JdbcUtils.executeQuery to prevent blocking out of connection timeout ?
There was a problem hiding this comment.
we can extend KyuubiConf to allow configuring arbitrary properties, but it's out of scope in this PR, better do it in new PR.
kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala
Outdated
Show resolved
Hide resolved
...est/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
Outdated
Show resolved
Hide resolved
...est/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala
Outdated
Show resolved
Hide resolved
…uite.scala Co-authored-by: Bowen Liang <[email protected]>
…ication/JdbcAuthenticationProviderImplSuite.scala Co-authored-by: Bowen Liang <[email protected]>
…ication/JdbcAuthenticationProviderImplSuite.scala Co-authored-by: Bowen Liang <[email protected]>
You can send a followup PR if you have time :) |
bowenliang123
left a comment
bowenliang123
left a comment
There was a problem hiding this comment.
LGTM.
For the change in kuubi.authentication.jdbc.user config name, i will fill a PR soon after this PR merged.
|
Thanks, merging to master/1.6 |
### _Why are the changes needed?_ This is the followup of #3235, the main change is introdude `JdbcUtils` to simplify code, and allow empty password for Jdbc auth. Jdbc connection pool has been removed because `JdbcAuthenticationProviderImpl` will be created on each connection, we can improve to use singleton in the future ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3278 from pan3793/jdbc-followup. Closes #3222 2863cae [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala 51a9c45 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala eee3c55 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala d02bb99 [Cheng Pan] nit e001b5b [Cheng Pan] nit 8cf5cd6 [Cheng Pan] nit 032f2df [Cheng Pan] nit 8a42f18 [Cheng Pan] nit c7893fd [Cheng Pan] JdbcUtilsSuite f97f2d9 [Cheng Pan] remove pool a8812d0 [Cheng Pan] move render result set to test 83d7d4c [Cheng Pan] fix ut db787a4 [Cheng Pan] nit 864f9dd [Cheng Pan] nit b60decf [Cheng Pan] nit 8c66e0b [Cheng Pan] nit 2063c43 [Cheng Pan] [KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code Authored-by: Cheng Pan <[email protected]> Signed-off-by: Cheng Pan <[email protected]> (cherry picked from commit d0f75e8) Signed-off-by: Cheng Pan <[email protected]>
| } { resultSet => | ||
| if (resultSet == null || !resultSet.next()) { | ||
| throw new AuthenticationException("Password does not match or no such user. " + | ||
| s"user: $user, password: $redactedPasswd") |
There was a problem hiding this comment.
@pan3793 It seems throwing woring redacted password with authdb password. It should throws with connection password. Let me fix it in next PR?
There was a problem hiding this comment.
Oh, my fault, thanks for catching this issue. Sure, let's fix it in followup
4 participants
Why are the changes needed?
This is the followup of #3235, the main change is introdude
JdbcUtilsto simplify code, and allow empty password for Jdbc auth.Jdbc connection pool has been removed because
JdbcAuthenticationProviderImplwill be created on each connection, we can improve to use singleton in the futureHow was this patch tested?
Add some test cases that check the changes thoroughly including negative and positive cases if possible
Add screenshots for manual tests if appropriate
Run test locally before make a pull request